Intuit to share payroll data from 1.4 million small businesses with Equifax – Krebs on Security
Financial services giant Intuit this week informed 1.4 million small businesses using its QuickBooks Online Payroll and Intuit Online Payroll products that their payroll information will be shared with the big three consumer credit bureaus Equifax from later this year, unless customers opt out by the end of this month.
Intuit says the change is tied to an ‘exciting’ and ‘free’ new service that will allow millions of small business employees to easily access employment and income verification services when they want to apply for a job. loan or line of credit.
âIn early fall 2021, your QuickBooks Online Payroll subscription will include an automated income and employment verification service powered by The job number Equifax, âthe email from Intuit read, which includes a link to the new terms of service. âYour employees may need to verify their income and employment information when they apply for loans, credits or government assistance. Previously, you probably had to manually provide this information to lenders, creditors, or government agencies. These checks will be automated by The Work Number, which helps employees get approvals faster and saves you time.
An Intuit spokesperson clarified that the new service is not available through QuickBooks Online or to all QuickBooks Online users. Intuit’s FAQ on the changes is here.
Equifax’s 2017 mega-breach that exposed the personal and financial details of 145.5 million Americans may have shocked the public, but it hasn’t stopped more than a million employers from continuing. sell their employee data to Equifax, Bloomberg found at the end of 2017.
Workforce Solutions unit is now one of Equifax’s fastest growing companies, contributing more than one-fifth of the company’s $ 3.1 billion in year-to-year revenue last â, wrote Jennifer surane. “Using payroll data from government agencies and thousands of employers – including the vast majority of Fortune 500 companies – Equifax has cultivated a database of 300 million current and historical employment records, according to the documents. regulatory. “
QuickBooks Online user Antoine Citrano posted on Twitter about receiving the notice, noting that the upcoming changes had yet to receive attention in the wider financial or media space.
âThe way I read the terms, Equifax can proactively collect all payroll data in case they need to share it later, the same way they already handle credit reports,â said Citrano, founder and CEO of Acquicent, a company that issues non-fungible tokens (NFTs). âAnd it looks like a disaster ahead, especially given the history of Equifax. “
By selling payroll data to Equifax, Intuit will join some of the world’s largest payroll providers. For example, ADP – the largest payroll software provider in the United States – has long shared payroll data with Equifax.
But Citrano said that Intuit’s move would bring in a lot of fairly small companies.
“ADP is already involved in one way or another, but QuickBooks Online is catching on means that many small and medium-sized employees are going to be affected,” he said.
Why might small businesses think twice about trusting Equifax with their payroll data? The answer is that the company does not have a great track record in protecting this information.
In the days following the 2017 breach at Equifax, KrebsOnSecurity pointed out that The Work Number made it a bit too easy for anyone to learn your salary history. Back then, all you needed to view a person’s entire work and salary history was their Social Security number and date of birth. It didn’t help that for about half of the American population, both pieces of information were known to be in the possession of the criminals behind the breach.
Equifax responded by removing its Work Number website until it could include additional authentication requirements, saying anyone can opt out of Equifax by revealing their salary history.
Equifax’s security enhancements included the addition of four multiple guess questions whose answers were based on publicly available data. But those requirements were easily bypassed, as evidenced by a previous violation at Equifax’s employment division.
The job number is a user-paid verification of the job database created by TALX Corp., a data broker acquired by Equifax in 2007. Four months before the epic 2017 breach went public, KrebsOnSecurity announced that tax refund fraud fraudsters had managed to guess the answers to these secret questions to reset PINs for TALX accounts, which let them view old W-2 tax forms for employees of many Fortune 500 companies.
Intuit says affected customers who do not want this new service included should update their preferences and opt out by July 31, 2021. Otherwise, they will be automatically signed up. According to Intuit, customers can opt out by following these steps:
1. Log in to QuickBooks Online Payroll.
2. Go to Payroll Settings.
3. In the Shared Data section, select the pencil and uncheck the box.
4. Select Save.